Man’s best friend: why DNS is the secret cybersecurity superpet

The internet was a very different place in the 1980s. Connecting a machine to what was then the ARPAnet – a government-funded research network – wasn’t something you could do on a whim. You had to pick up the phone, call someone at the Stanford Research Institute, and ask nicely. That changed with the invention of the Domain Name System (DNS).

Introduced by Paul Mockapetris in the latter half of the decade, DNS automatically translated human-friendly domain names like “example.com” into machine-readable IP addresses, allowing users to access websites without needing to remember numerical strings. Before DNS, this process relied on a single, centralized text file that had to be manually updated and distributed, which obviously limited the network's size and scope.

As DNS allowed the internet to evolve from a research tool into a global communications platform, it didn’t take long for others to see where its vulnerabilities lay. Paul Vixie, another internet hall–of-famer who joked that those who created the modern internet were “just a bunch of young rebels who didn’t like the phone company monopoly," recognized that this foundational system – originally built for convenience – could become a target.

Because DNS sits at the heart of internet communication, handling every domain lookup, it became possible for attackers to hijack, redirect, or even monitor traffic at scale. These vulnerabilities persist today.

But the thing that makes DNS vulnerable is actually its greatest strength. In 2025, DNS does far more than connect names to numbers. Like a dog sitting loyally by its owner's side or a cat perched up high, it quietly watches everything that enters and leaves the area – an unexpected, sometimes underappreciated guardian that's already at home. All it needs is a bit of training. Can an old dog learn new tricks?

Guarding the gates

For a long time, DNS was treated like digital plumbing – essential but unglamorous, buried deep in the IT infrastructure stack and rarely discussed outside of network teams. But as cyber threats have become more dynamic and distributed, DNS has quietly emerged as one of the most strategic vantage points in cybersecurity. Every time a user clicks a link, opens an app, or connects to a service, a DNS query is made. That makes DNS not only a utility, but an opportunity. By inspecting and filtering these queries, Protective DNS (PDNS) turns a passive system into an active line of defense.

Unlike traditional tools that respond to threats after they’ve breached the perimeter, PDNS works upstream, blocking access to malicious domains, disrupting command-and-control channels, and preventing data exfiltration before any damage is done. It’s fast, scalable, and doesn’t rely on agents or deep system integration, which makes it uniquely suited to today’s hybrid, device-diverse environments. Think of it like the dog that doesn’t wait for burglars to get through the door, or for couriers to deliver a dodgy package – it senses something nefarious at the gate and raises the alarm before anyone else knows there’s trouble.

Hunters become the hunted

Here’s the thing: today’s cyber criminals don’t just rely on direct network assaults and malware – halcyon days when attacks could be spotted and shot down – they rely on infrastructure. Behind every phishing campaign, scam site, or credential-harvesting operation is a network of carefully arranged domains designed to evade detection and maximize reach.

One of the most effective tools in this arsenal is the Traffic Distribution System, or TDS. These systems act like sophisticated switchboards, directing users through a maze of domains based on geolocation, browser type, operating system, or even time of day. They serve up different payloads to different victims, filter out bots and researchers or blindside them by sending them to genuine sites while others fall into their trap, and even rotate domains frequently to stay one step ahead of blacklists.

Cybercriminal gangs can no longer be thought of as cowboys taking pot-shots at businesses – they are coordinated commercial enterprises. Take “Vigorish Viper” for instance – a criminal group that leverages TDS infrastructure as a front for illegal gambling and people trafficking. It operates over 170,000 domain names, evading detection and law enforcement through sophisticated use of DNS Traffic Distribution Systems while funneling users along a digital path that will eventually expose their data.

The sheer number of domains involved is where simple “domain-blocking” approaches start to fall apart. TDS networks are designed for redundancy, so blocking one domain in the chain simply triggers a redirect to another, and another, and another – often with hundreds in reserve. PDNS changes the game by targeting the infrastructure itself.

By recognizing and preemptively blocking patterns of domain registration, staging activity, and other connections to malicious actors, PDNS can stop an entire network of malicious domains before a single one is weaponized, turning Fido and Kitty into finely tuned hunters.

The UK’s shift to proactive defense

The criticality of PDNS has not gone unnoticed by governments around the world. In the UK, the government is moving decisively toward a more proactive, infrastructure-aware model of cybersecurity, and DNS is right at the heart of it. The National Cyber Security Centre (NCSC) has long championed the use of PDNS as part of its Active Cyber Defence program, offering a managed PDNS service to public sector organizations. It’s a recognition that the front lines of cybersecurity aren’t always defined by malware or endpoints – sometimes, they’re built on something as foundational as a domain name.

The growing importance of DNS and PDNS is also reflected in other various policies and practices. For instance, the US standards organization NIST, which offers global advice, has published a proposed revision of their 800-81 standard which includes detailed guidance for securing DNS operations and enhancing DNSSEC deployment. The EU’s relatively new NIS2 framework also explicitly recognizes DNS service providers as “essential entities” and strongly encourages the securing of DNS traffic.

The cybersecurity superpet

The cybersecurity industry loves new toys and continuous innovation remains crucial, but sometimes the most powerful defense is already in a security team’s arsenal – the cybersecurity superpet curled up at their feet. While new cybersecurity tactics emerge, it’s important not to forget that with a little training, DNS – while almost as old as the internet itself – can become the most effective ward against unseen network threats. It turns out you can teach an old dog new tricks.

We've featured the best endpoint protection software.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro